JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 102.209.18.130

102.209.18.130 was found in our database!

This IP was reported 48 times. Confidence of Abuse is 35%: ?

35%

ISP	VENNET SOLUTIONS LIMITED
Usage Type	Fixed Line ISP
ASN	AS329437
Hostname(s)	static-131.veenet.africa
Domain Name	veenet.africa
Country	🇰🇪 Kenya
City	Nairobi, Nairobi County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 102.209.18.130

Whois 102.209.18.130

IP Abuse Reports for 102.209.18.130:

This IP address has been reported a total of 48 times from 37 distinct sources. 102.209.18.130 was first reported on January 27th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Vegascosmetics	2026-05-30 21:51:53 (1 week ago)	Kingcopy(AI-IDS): IP is wandering around the site and acting suspiciously.	Bad Web Bot
🇩🇪 SMARTNET	2026-05-27 06:03:53 (2 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 22ada211-5b5c-463a-b46f-60fd11dc639d	DDoS Attack
Anonymous	2026-05-21 13:23:05 (2 weeks ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-21 10:24:59 (2 weeks ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force
🇺🇸 floreriaexpress	2026-05-16 07:12:01 (3 weeks ago)	FakeADS-Anti: country:KE \| https://floreriaexpresschile.cl/product-tag/flores-santiago/page/27/?max_ ... show more FakeADS-Anti: country:KE \| https://floreriaexpresschile.cl/product-tag/flores-santiago/page/27/?max_price=151260&orderby=rating show less	Bad Web Bot
🇺🇸 MPL	2026-05-11 17:14:05 (4 weeks ago)	tcp/23 (2 or more attempts)	Port Scan
🇺🇸 TPI-Abuse	2026-05-02 04:00:40 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 102.209.18.130 (static-131.veenet.africa): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 102.209.18.130 (static-131.veenet.africa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 02 00:00:37.399821 2026] [security2:error] [pid 13782:tid 13782] [client 102.209.18.130:40796] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|borzois.com\|F\|2"] [data ".hoflin.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "borzois.com"] [uri "/zoi_info/www.hoflin.com"] [unique_id "afV25XLrhCtjhz__5ZtRTwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 hermawan	2026-04-28 16:56:59 (1 month ago)	[Tue Apr 28 23:35:27.706114 2026] [security2:error] [pid 32852:tid 139847437063872] [client 102.209. ... show more [Tue Apr 28 23:35:27.706114 2026] [security2:error] [pid 32852:tid 139847437063872] [client 102.209.18.130:51348] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.google.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.25.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "623"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.google.go.id found within REQUEST_HEADERS:Referer: https://www.google.go.id/ request_line = GET /timeout-worker-v3.js HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/timeout-worker-v3.js"] [unique_id "afDhz5mCa9-otI9pk7BpuQAAQRE"], referer https://www.google.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[32870] [jZmR0UdFgeA] [afDhz5mCa9-otI9pk7BpuQAAQRE] keep_alive=[1] [2026-04-28 23:35:27.706120] [R:afDhz5mCa9-otI9pk7BpuQAAQRE] UA:'Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Mobile Sa ... show less	Email Spam Hacking
Anonymous	2026-04-22 05:23:33 (1 month ago)	Automated bot traffic — residential proxy, fake browser fingerprint. UA="Mozilla/5.0 (Windows NT 10. ... show more Automated bot traffic — residential proxy, fake browser fingerprint. UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
Anonymous	2026-04-07 17:18:07 (2 months ago)	Try to connect to Port_Scan_80_stealth	Port Scan
🇮🇪 RoboSOC	2026-04-07 16:40:31 (2 months ago)	DLink DSL Remote OS Command Injection Vulnerability , PTR: static-131.veenet.africa.	IoT Targeted
🇺🇸 kosada.com	2026-04-04 11:18:05 (2 months ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇹🇼 kk_it_man	2026-04-01 05:00:31 (2 months ago)		Hacking
🇮🇩 hermawan	2026-04-01 04:56:16 (2 months ago)	04/01/2026-11:56:17.041599 [Drop] [] [1:9200020:0] match JA3 string Microsoft oai-searchbot opena ... show more 04/01/2026-11:56:17.041599 [Drop] [] [1:9200020:0] match JA3 string Microsoft oai-searchbot openai.com 74-7-241-181 [**] [Classification: (null)] [Priority: 3] {TCP} 102.209.18.130:52148 -> 103.166.156.58:443 ... show less	Email Spam Hacking
🇺🇸 stechusa	2026-03-31 08:21:43 (2 months ago)	ELEVATED_THREAT \| country=KE \| ASN=Veenet-Africa \| AbuseIPDB=27% \| Facet request during elevated thr ... show more ELEVATED_THREAT \| country=KE \| ASN=Veenet-Africa \| AbuseIPDB=27% \| Facet request during elevated threat (facet_ratio=0.71, unique_ips=222) \| 13 IPs targeting /category/light-fixtures/pendant-lighting.html \| HTTP/1.1 over TLS (elevated=True) show less	Bad Web Bot DDoS Attack

Showing 1 to 15 of 48 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 193.3.53.3

🇺🇸 179.61.232.244

🇺🇸 162.216.149.64

🇩🇪 144.31.80.14

🇨🇳 139.155.126.16

🇨🇳 125.124.42.183

🇮🇩 69.5.23.222

🇩🇪 64.226.107.125

🇺🇸 64.62.197.221

🇮🇪 54.171.31.190

🇨🇳 47.103.36.53

🇸🇨 45.194.67.14

🇳🇱 45.153.34.87

🇩🇪 43.157.98.118

🇮🇳 36.50.167.81

🇨🇭 35.216.140.3

🇧🇪 35.195.3.235

🇺🇸 20.127.244.67

🇺🇸 216.218.206.72

🇺🇸 209.250.5.153